Majordomo-Users: Re: Exploit?

Majordomo-Users
(February 2001)

Indexed By Thread: [Previous] [Next]

Subject:	Re: Exploit?
From:	Curtis Maurand <curtis @ lamere . net>
Date:	14 Feb 2001 09:53:19 -0500
To:	gabe @ mystery . com
Cc:	majordomo-users @ GreatCircle . COM
In-reply-to:	<20010213132404.C2581@angus.mystery.com>
References:	<NEBBLHLJJMNFKPICLLBGOEGGCNAA.brians@meetingbywire.com><Pine.LNX.4.10.10102131212460.13411-100000@mail.lamere.net> <20010213132404.C2581@angus.mystery.com>


> } 
> } Yes
> 
> Are you sure it isn't "Get" followed by "Your Private,"?  Hotmail messages
> tend to end with:
> 
>   Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com.
> 
> This tends to be interpretted by Majordomo as a "get" request.
> 
 13:48:53 lamere.net majordomo[14478] {cg2000@technologist.com} get  copy,

 17:13:32 lamere.net majordomo[20213] {jedwards_1@chemie.uni-bremen.de}
get  started
 14:56:01 lamere.net majordomo[523] {Curtis Maurand <abuse@lamere.net>}
get  
 06:00:53 lamere.net majordomo[2605] {vem98@amrer.net} get  orders

>From the log entry above it appears that you were right.  This is
exactly what we are seeing.  Majordomo appears to be ignoring everything
but the help and get messages.  I  thought that it might be spammers
trying to send to the majordomo mail account.  Thanks for the
clarification.  I wasn't reading the logs quit deep enough.

Thanks again, I guess I can un comment the help code in the majordomo
script.

Curtis

References:

Exploit?
From: "Brian Sullivan" <brians@meetingbywire.com>
Re: Exploit?
From: Curtis Maurand <curtis@lamere.net>
Re: Exploit?
From: Gabe Helou <gabe@angus.mystery.com>

Indexed By Date	Previous:	Set of Moderated list... From: Grigory Kljuchnikov <grn@ispras.ru>
Indexed By Date	Next:	Re: relaying? From: Layne Meier <lmeier@ajc.com>
Indexed By Thread	Previous:	Re: Exploit? From: Gabe Helou <gabe@angus.mystery.com>
Indexed By Thread	Next:	Re: Exploit? From: Dan Liston <dliston@netscape.com>